Skip to content

xmss: add cross test with ream signature#433

Merged
tcoratger merged 2 commits intoleanEthereum:mainfrom
tcoratger:ream-sig
Mar 4, 2026
Merged

xmss: add cross test with ream signature#433
tcoratger merged 2 commits intoleanEthereum:mainfrom
tcoratger:ream-sig

Conversation

@tcoratger
Copy link
Collaborator

@tcoratger tcoratger commented Mar 2, 2026

🗒️ Description

The test is generated in Ream using:

#[test]
fn test_cross_client_compat_vectors() {
    let mut rng = ChaCha20Rng::seed_from_u64(42);

    let activation_epoch = 0;
    let num_active_epochs = 10;

    let (public_key, private_key) =
        PrivateKey::generate_key_pair(&mut rng, activation_epoch, num_active_epochs);

    let epoch = 5;
    let message = [0u8; 32];

    let signature = private_key
        .sign(&message, epoch)
        .expect("Signing should succeed");

    // Verify in ream first
    let is_valid = signature
        .verify(&public_key, epoch, &message)
        .expect("Verification should not error");
    assert!(is_valid, "Signature must verify in ream");

    // Assert expected sizes
    assert_eq!(public_key.inner.len(), 52, "PublicKey must be 52 bytes");
    assert_eq!(signature.inner.len(), 3112, "Signature must be 3112 bytes");

    // Print hex vectors for the Python test suite
    println!("PUBLIC_KEY_HEX={}", hex::encode(public_key.inner));
    println!("SIGNATURE_HEX={}", hex::encode(signature.inner));
    println!("EPOCH={epoch}");
    println!("MESSAGE={}", hex::encode(message));
}

🔗 Related Issues or PRs

✅ Checklist

  • Ran tox checks to avoid unnecessary CI fails: 
    uvx tox
  • Considered adding appropriate tests for the changes.
  • Considered updating the online docs in the ./docs/ directory.

@pablodeymo pablodeymo mentioned this pull request Mar 2, 2026
Merged
MegaRedHand pushed a commit to lambdaclass/ethlambda that referenced this pull request Mar 2, 2026
@pablodeymo @greptile-apps
Add cross-client XMSS compatibility tests (ream) (#177)
2a9aef7 
## Motivation

Multi-client interoperability is critical for the lean consensus
ecosystem. [leanSpec PR
#433](leanEthereum/leanSpec#433) introduces
cross-client XMSS compatibility tests that verify ream-produced
signatures can be decoded and verified by leanSpec's Python
implementation. This PR adds the equivalent tests to ethlambda, ensuring
our Rust client can also verify ream-generated XMSS signatures.

## Description

Adds 5 cross-client XMSS compatibility tests to
`crates/common/crypto/src/lib.rs` using test vectors from ream (epoch 5,
all-zeros message):

| Test | What it verifies |
|------|-----------------|
| `test_cross_client_decode_ream_public_key` | 52-byte pubkey roundtrip
(decode → encode) |
| `test_cross_client_decode_ream_signature` | 3112-byte signature
roundtrip (decode → encode) |
| `test_cross_client_verify_ream_signature` | Signature verifies with
correct epoch and message |
| `test_cross_client_ream_signature_rejects_wrong_message` | Rejects
verification with wrong message (`0xff...ff`) |
| `test_cross_client_ream_signature_rejects_wrong_epoch` | Rejects
verification with wrong epoch (6 instead of 5) |

These tests only do deserialization + verification (no keygen, no
aggregation), so they run fast (~50ms) and don't need `#[ignore]`.

Also adds `hex` as a dev-dependency to `ethlambda-crypto` for decoding
the test vectors.

## How to test

```bash
cargo test -p ethlambda-crypto -- cross_client
```

## Related

- leanSpec cross-client tests:
leanEthereum/leanSpec#433

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@tcoratger tcoratger merged commit ec23730 into leanEthereum:main Mar 4, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tcoratger